CVE-2025-63389 · CRITICAL 9.8 · EPSS p45.5%

Description

A critical authentication bypass vulnerability exists in the API endpoints of the Ollama platform in versions up to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.63% probability of exploitation · percentile 45.5% · 2026-06-18T12:00:27Z
Published: 2025-12-18
Last modified: 2026-01-22

Underlying weaknesses · 1

CWE-306

References

  1. https://gist.github.com/Cristliu/48dae561696374744d9fced07a544ecd
  2. https://gist.github.com/Cristliu/b6f4d070fb27932f581be1aadc0923e7
  3. https://github.com/ollama/ollama/issues

Type | Target | Confidence | Tier
Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-7482
  2. CVE: CVE-2025-66698
  3. CVE: CVE-2025-1793
  4. CVE: Langflow Missing Authentication Vulnerability
  5. CVE: CVE-2025-12805
  6. CVE: CVE-2026-42248

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.